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DETAILED ACTION 

Claims 1-20 have been presented for examination. 

Claim Objections 

Claim 17 is objected to because of the following informalities: in line 1, "random" 
should read "random number". 

Appropriate correction is required. 

Allowable Subject Matter 

Claims 1 1, 12, and 16 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at^e time the 

pSlohrf 8 ^ !°. a PerSOn haVi " 9 ordinary ski " in the art t0 which said object matter pertains 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-3, 6-10, 13-15, and 18-19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Parfenov et al., (U.S. Publication No. 2002/0138728 and Parfenov 
hereinafter), in view of Perlman, (U.S. Patent No. 5,892,828 and Perlman hereinafter). 
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Regarding claim 1 , Parfenov discloses a method for providing a user with access 
to multiple accounts (i.e., affiliate service providers) using a common password which is 
valid for each of the multiple accounts. 

Parfenov does not expressly disclose wherein each of the multiple accounts has 
associated with it a unique designated password. 

However, Perlman discloses wherein each of the multiple accounts has 
associated with it a unique designated password (i.e., user objects associate a given 
user with one or more application secrets, referred to as "keychains")(Col. 4, lines 31-67 
and Col. 5, lines 1-55). 

Furthermore, Parfenov discloses the method comprising: 

generating a designated password which is to be associated with at least one of 
the user's multiple accounts; 

receiving login information from the user for the at least one of the user's multiple 
accounts, wherein the login information includes a user ID belonging the user and the 
user's common password; and 

Parfenov does not expressly disclose a designated password for each of the 
user's multiple accounts, which is derived form a common password provided by the 
user. 

However, Perlman discloses determining if the user has provided valid login 
information based on a comparison which takes into the account the user's ID (i.e., a 
user name), common password (i.e., user secret/password) and the designated 
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password (i.e., application secret) generated for the at least one of the user's multiple 
accounts (Col. 4, lines 53-63 and Col. 5, lines 55-67 and Col. 6, lines 1-50). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include a designated password for each of the user's multiple accounts 
which is derived form a common password provided by the user with the motivation to 
dynamically authenticating a user to various services and applications in a distributed 
network system using a single common password (Perlman, Col. 3, lines 27-30). 

Regarding claim 2, Parfenov does not expressly disclose wherein the designated 
password is generated by a hash function of the common password and some 
account-dependent information. 

However, Perlman discloses wherein the designated password is generated by a 
hash function of the common password and some account-dependent information (Col. 
6, lines 50-67 and Col. 7, lines 1-10). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password with the 
motivation to dynamically authenticating a user to various services and applications in 
a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 
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Regarding claim 3, Parfenov discloses using a symmetric key encryption 
algorithm (Page 3, Par. 0029). 

Parfenov does not expressly disclose further comprising forming a symmetric key 
from the results of the hash function. 

However, Perlman discloses further comprising hash function encryption 
algorithm (i.e., after user provides the password, the routine hashes it, if the resulting 
hash value matches the stored hash value, then the user is reliably authenticated)(Col. 
6, lines 50-67 and Col. 7, lines 1-10). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password using a 
symmetric key encryption algorithm with the motivation to dynamically authenticating a 
user to various services and applications in a distributed network system using a single 
common password (Perlman, Col. 3, lines 27-30). 

Regarding claim 6, Parfenov discloses wherein receiving login information from 
the user for at least one of the user's multiple accounts, wherein the login information 
includes a user ID and the user's common password includes providing at least one 
input facility for the user to provide the user ID and common password (Page 3, Par. 
0025-0026). 
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Regarding claim 7, Parfenov does not expressly disclose the designated 
password generated for the at least one of the user's multiple accounts. 

However, Perlman discloses wherein determining if the user has provided valid 
login information based on a comparison which takes into the account the user's ID(i.e., 
user name), common password (i.e., user secret/password) and the designated 
password generated for the at least one of the user's multiple accounts (i.e., the hashed 
value)(Col. 4, lines 52-67) includes: 

performing a hash function upon the designated password, and comparing the 
results of the hash function upon the designated password with a corresponding stored 
result to determine if a match exists (Col. 6, lines 50-67 and Col. 7, lines 1-10). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password and 
comparing it with the stored hashed value with the motivation to dynamically 
authenticating a user to various services and applications in a distributed network 
system using a single common password (Perlman, Col. 3, lines 27-30). 

Regarding claim 8, Parfenov does not expressly diclose further comprising 
providing access to the at least one of the user's multiple accounts if a match exists. 
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However, Perlman discloses further comprising providing access to the at least 
one of the user's multiple accounts if a match exists (Col. 7, lines 1-10). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password, comparing 
it with the stored hashed value, and providing access if a match exists with the 
motivation to dynamically authenticating a user to various services and applications in 
a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 

Regarding claim 9, Parfenov does not expressly disclose wherein determining if 
the user has provided valid login information based on a comparison which takes into 
the account the user's ID, common password and the designated password generated 
for the at least one of the user's multiple accounts. 

However, Perlman discloses wherein determining if the user has provided valid 
login information based on a comparison which takes into the account the user's ID, 
common password and the designated password generated for the at least one of the 
user's multiple accounts includes: 

calculating the designated password (i.e., hashed value of the password) 
according to a password transform algorithm (i.e., hash function)(Col. 3, lines 34-49). 
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Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Penman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password with the 
motivation to dynamically authenticating a user to various services and applications in 
a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 

Regarding claim 10, Parfenov discloses a method for providing access to 
multiple online accounts via a common password, the method comprising: receiving a 
common password associated with an online account; and 

parfenov does not expressly disclose generating the designated password. 
However, Perlman discloses determining if the universal password is valid for the 
associated online account based upon a designated password which was previously 
generated for the associated online account, wherein the designated password was 
previously generated based upon a password transform calculation (i.e., hash 
function)(Col. 6, lines 18-50). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password with the 
motivation to dynamically authenticating a user to various services and applications in 
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a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 

Regarding claim 13, Parfenov does not expressly disclose generating a 
designated password. 

However, Perlman discloses further comprising: 

generating a designated password (i.e., application secrets for pre-determined 
application programs) for each of the multiple online accounts which is accessible via 
the common password (Col, 4, lines 53-67 and Col. 5, lines 1-55). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password with the 
motivation to dynamically authenticating a user to various services and applications in 
a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 

Regarding claim 14, Parfenov does not expressly disclose generating a 
designated password for the user's for each of the multiple online accounts. 

However, Perlman discloses a method for providing access to multiple Web 
accounts via a universal password which is valid for the multiple Web accounts, the 
method comprising: 
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providing a designated password for each of the multiple Web accounts, 
receiving the universal password for access to at least one of the multiple Web 
accounts (Col. 4, lines 53-67 and Col. 5, lines 1-55); 

determining if the universal password (i.e., user secret/password) is valid based 
on the associated designated password for the at least one of the multiple Web 
accounts (Col. 6, lines 18-67 and Col. 7, lines 1-10); and 

providing access to the at least one of the multiple Web accounts provided the 
universal password is valid (Col. 5, lines 55-67 and Col. 6, lines 1-67). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts for her/him to access various services and applications in a distributed 
network system by implementing a hash function to the user's common password with 
the motivation to dynamically authenticating a user to various services and applications 
in a distributed network system using a single common password (Perlman, Col. 3, 
lines 27-30). 



Regarding claim 15, Parfenov does not expressly disclose the designated 
password calculated from a hash function. 

However, Perlman discloses wherein the designated password is calculated for 
each of the multiple Web accounts (i.e., authenticating a user to various services and 
applications in a distributed network system) based on a hash function which 
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incorporates the universal password as an input to the hash function (Col. 6, lines I8- 
60). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts for her/him to access various services and applications in a distributed 
network system by implementing a hash function to the user's common password with 
the motivation to dynamically authenticating a user to various services and applications 
in a distributed network system using a. single common password (Perlman, Col. 3, 
lines 27-30). 

Regarding claim 19, Parfenov does not expressly disclose the designated 
password calculated from a hash function. 

However, Perlman discloses further comprising: providing a new designated 
password for the at least one of the multiple Web accounts if requested (i.e., requesting 
through user login)(Col. 4, lines 53-67 and Col. 5, lines 1-55). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov with the teachings 
of Perlman to include generating a designated password for each of the user's multiple 
accounts by implementing a hash function to the user's common password with the 
motivation to dynamically authenticating a user to various services and applications in 
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a distributed network system using a single common password (Perlman, Col. 3, lines 
27-30). 

Claims 4 and 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Parfenov et al., (U.S. Publication No. 2002/0138728 and Parfenov hereinafter) and 
Perlman, (U.S. Patent No. 5,892,828 and Perlman hereinafter), in view of Gressel et al, 
(U.S. Patent No.5,664,017 and Gressel hereinafter). 

Regarding claim 4, Parfenov or Perlman does not expressly disclose wherein the 
symmetric key is used to encrypt the random number. 

However, Gressel discloses wherein the symmetric key is used to encrypt the 
random number (Col. 9, lines 38-45). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov and Perlman with 
the teachings of Gressel to include an encrypted random number in the authentication 
process with the motivation to provide an improved method and apparatus for 
international and national encryption and decryption of sensitive data so as to preserve 
confidentiality and message integrity (Gressel, Col. 2, lines 7-11). 

Regarding claim 5, Parfenov or Perlman does not disclose wherein the random 
number is encrypted via a symmetric encryption algorithm. 
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However, Gressel discloses wherein the random number is encrypted via a 
symmetric encryption algorithm (Col. 9, lines 38-45). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov and Perlman with 
the teachings of Gressel to include an encrypted random number in the authentication 
process with the motivation to provide an improved method and apparatus for 
international and national encryption and decryption of sensitive data so as to preserve 
confidentiality and message integrity (Gressel, Col. 2, lines 7-11). 

Claims 17 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Parfenov et al., (U.S. Publication No. 2002/0138728 and Parfenov hereinafter) and 
Perlman, (U.S. Patent No. 5,892,828 and Perlman hereinafter), in view of Nguyen, (U.S. 
Patent No. 5,689,566 and Nguyen hereinafter). 

Regarding claim 17, Parfenov does not expressly disclose generating designated 
passwords using hash functions. 

Perlman discloses using hash functions to dynamically authenticate a user to 
various services and applications in a distributed network system using a single 
common password (Col. 3, lines 27-30). 

Perlman does not expressly disclose incorporating a random number as an input 
to the hash function. 
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However, Nguyen discloses wherein the hash function also incorporates a 
random number as an input to the hash function (Col. 4, lines 10-20). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov and Perlman with 
the teachings of Nguyen to manipulate random numbers with a hash function with the 
motivation to ensure that access to data is restricted to authorized parties while at the 
same time providing more consistent performance (Nguyen, Col. 1, lines 60-65). 

Regarding claim 20, Parfenov does not expressly disclose generating a 
designated password using a hash function. 

Perlman does not expressly disclose calculating the new designated password 
using the universal password and a random number. 

However, Nguyen discloses wherein providing a new designated password for 
the at least one of the multiple Web accounts if requested includes: 

generating a random number, and calculating the new designated password (i.e., 
CRC signature) based on at least the universal password (i.e., a key Ka from the user 
ID and password using a one way hash function such as the Secure Hash Standard, 
SHS) and the random number (Col. 4, lines 10-20). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify the teachings of Parfenov and Perlman with 
the teachings of Nguyen to manipulate random numbers with a hash function with the 
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motivation to ensure that access to data is restricted to authorized parties while at the 
same time providing more consistent performance (Nguyen, Col. 1, lines 60-65). 

Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Parfenov et al., (U.S. Publication No. 2002/0138728 and Parfenov hereinafter) and 
Perlman, (U.S. Patent No. 5,892,828 and Peiiman hereinafter), in view of Abraham, 
(U.S. Patent No. 6,606,387 and Abraham hereinafter). 

Regarding claim 18, Parfenov does not expressly disclose generating a 
designated password based on a universal password. 

Perlman discloses wherein determining if the universal password (i.e., user 
secret/password) is valid based on the associated designated password (i.e., 
application secret associated with the user) for the at least one of the multiple Web 
accounts includes: 

receiving a user ID (i.e., user name during login)(Col. 4, lines 53-65); 

receiving the associated designated password, and comparing the received 
associated designated password with a corresponding saved designated password for 
the at least one of the multiple Web accounts (Col. 6, lines 50-67 and Col. 7, lines 1-10); 

Perlman does not expressly disclose retrieving an encrypted random number 
based on the user ID. 

However, Abraham discloses: 
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retrieving an encrypted random number based on the user ID (i.e., unique 
reference numbers)(Col. 8, lines 3-26). 

Therefore, it would have been obvious to a person of ordinary skill in. the art at 
the time of applicant's invention to modify the teachings of Parfenov and Perlman with 
the teachings of Abraham to include retrieving an encrypted random number based on 
the user id (i.e., unique reference numbers) with the motivation to provide a system 
and method for securely establishing a cryptographic key between a first cryptographic 
device and a second cryptographic device wherein a plurality of unrelated random 
numbers are distributed to serve as key components and for ensuring a high probability 
that a cryptographic key established between a first cryptographic device and a second 
cryptographic device is unique (Abraham, Col. 2, lines 57-67). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Arezoo Sherkat whose telephone number is (703) 305- 
8749. The examiner can normally be reached on 8:00-4:30 Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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